Over the course of just a few months, Massachusetts-based Partners HealthCare experienced four separate data breaches across its affiliate hospitals. That gave the health system some valuable real-world experience in breach response, said CISO Jigar Kadakia.

Pacemakers can be hacked. But more mundane medical device risks pose greater security dangers. "The average typical person isn't going to be targeted," said Partners HealthCare's Rick Hampton. "We do look at what can be hacked, but what we're really terrible at is putting it in context of what is a real risk."